What ports are scanned with Cloud Insight?

Answered

Comments

1 comment

  • Official comment
    Avatar
    Lindsey Stirneman

    In AWS, access to ports are controlled by Security Groups. In essence, Security Groups act like firewalls (e.g. if an AWS Security Group restricts the ports that are accessible on an EC2 instance, then the scan will ignore those ports).

    Cloud Insight evaluates AWS Security Groups to determine open ports, and only scans those ports that are accessible through those Security Groups (e.g. if an EC2 instance has port 80 and 443 open internally in the VPC, and no others, then only those 2 ports will be scanned. Should an instance have 0-65535 open, then all those ports will be scanned).

    Additionally Cloud Insight checks:

    • All major operating systems for known vulnerabilities (Windows, Linux : Debian, Redhat, Ubuntu, Centos; BSD, AIX, MacOS etc.)
    • Major operating system configuration settings against industry best practices (Windows 2008, 2012, Red Hat Enterprise Linux 5/6, CentOS Linux 6, Ubuntu 12 etc.)
    • All major internet protocols for vulnerabilities (HTTP, SSH, SSL, IPSEC, POP3, IMAP, SNMP, NTP, FTP etc.)
    • Virtual versions running in AWS of all major router and firewalls for vulnerabilities (Cisco, Linksys, F5, Checkpoint, Watchguard, Juniper etc.)
    • All major server applications (Exchange, IIS, Apache, MS-SQL, PostgreSQL, Mysql, Sendmail, Bind etc.)
    • Major standard web-applications (JIRA, Outlook Web-access, Drupal, Joomla etc.)
    • All AWS best practices (EC2 not using IAM roles, dangerous use of root user, lack of MFA, inactive user account)
    • Unrestricted inbound access, direct access to DB, S3 unrestricted access etc.

Please sign in to leave a comment.